dongshan1811 2013-08-17 23:39
浏览 23
已采纳

在crypt()中手动设置舍入不正常

I had setup a password system which had the system generate a random digit character and use that as the rounds number for crypting a password.

It worked fine until recently when logins stopped working. After a bit of debugging i realized that the cyrpt() function is not accepting the 4 digits anymore and instead only keeping the first 2 digits.

Example:

Generated Rounds Number:6355 Crypt output: $6$rounds=63$jOa4lXzFPo1W120PzaHk06JjQQ0C/PvmzB6SGdtniZ3hy2OeCQ9WDf2qlFEb9lHikGJcgp7vvI1wZxX4PcJWQ/

As you can see only the first 2 digits are being kept.

Does anyone have a solution to why this suddenly changed?

  • 写回答

1条回答 默认 最新

  • douzheng9221 2013-08-18 00:06
    关注

    First of all, there is no purpose for using a randomized number of rounds. This adds no additional security.

    Secondly, it sounds like you are using this to validate passwords of users logging into your site. If that is what you are doing, then using a one way hash rather than encryption is the most secure way.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信小程序协议怎么写
  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看